Release Notes - 2.52.0📜
Please see our documentation page for more information on how to consume and deploy BigBang. This release was primarily tested on Kubernetes 1.30.3 (RKE2).
Upgrade Notices📜
Big Bang 3.0 is scheduled for release on June 13, 2025📜
Check out some of the epics and issues making it into this release, or read in greater depth about the Operatorless Istio Migration on our blog. Register to attend our next briefing, scheduled for Thursday 5 June 2025 at 1300 CT!
Coming soon: Watch the recording of our latest ‘Opening the Vault’ information session for more information about Big Bang 3.0
Please e-mail aflcmc.hncx.platformonebigbang@us.af.mil if you would like to be added to our Big Bang Distro List for the latest Big Bang BBTOC, Immersion Series, and e-mail updates
Version 2.54, releasing on May 30, 2025, will be the last update in the 2.x series and will reach end-of-life (EOL) upon the release of Big Bang 3.0
-
-
Additional Envoy Filters📜
-
Big Bang’s
istiod
package (a component of operatorless istio) now supports the deployment of additionalEnvoyFilter
resources via values overlays:istiod: values: additionalEnvoyFilters: - name: hello-world labels: # optional hello: world annotations: # optional hello/world: "true" spec: configPatches: - applyTo: HTTP_FILTER match: context: SIDECAR_INBOUND listener: filterChain: filter: name: envoy.filters.network.http_connection_manager subFilter: name: envoy.filters.http.router patch: operation: INSERT_BEFORE value: name: envoy.filters.http.lua.hello-world typed_config: "@type": type.googleapis.com/envoy.extensions.filters.http.lua.v3.Lua inlineCode: | function envoy_on_response(response_handle) response_handle:headers():add("x-hello", "world") end
-
NOTE: Any
EnvoyFilter
resources applied via this method will be deployed to theistio-system
namespace.
-
-
- New package - Beta - Backstage:
- Backstage, the popular developer portal framework, is now available as a Beta release addon for big bang. It currently supports several core packages of big bang as an enabled component resource. This includes base bigbang kubernetes resources information, istio, kiali, monitoring, kyverno, and logging, with plans to include other core and addon packages in the near future as dynamic components for big bang users. See backstage package architecture for information on backstage within bigbang. See P1 backstage chart for details and documentation regarding backstage configuration.
- Nexus - MR:
-
As of version 3.77.0, the free edition of Nexus Repository is now called Sonatype Nexus Repository Community Edition.
- Ref: https://help.sonatype.com/en/sonatype-nexus-repository-3-77-0-release-notes.html#sonatype-nexus-repository-oss-is-now-community-edition
- The transition to community edition comes with additional usage limitations. Big Bang consumers are encouraged to review their usage of this project and determine if their usage still falls within the community edition usage limits.
-
Upgrades from previous releases📜
If coming from a version pre-2.51.1
, note the additional upgrade notices in any release in between. The BB team doesn’t test/guarantee upgrades from anything pre-2.51.1
.
Packages📜
Package | Type | Package Version | BB Version |
---|---|---|---|
Alloy | Addon | 1.7.1 |
2.0.23-bb.0 |
Anchore Enterprise | Addon | 5.16.0 |
3.6.0-bb.1 |
Addon | 2.14.10 |
7.8.26-bb.0 🔗 |
|
Authservice | Addon | 1.0.4 |
1.0.4-bb.2 |
Addon | 1.0.4 |
2.5.1-bb.0 |
|
Core | N / A | 1.0.0-bb.4 🔗 |
|
Cluster Auditor | Core | 0.0.7 |
1.5.0-bb.25 |
Core | 3.0.0 |
3.0.0-bb.0 🔗 |
|
Core | Kibana 8.17.4 Elasticsearch 8.17.4 |
1.28.0-bb.5 🔗 |
|
External Secrets | Addon | 0.15.1 |
0.15.1-bb.0 |
Fluentbit | Core | 3.2.9 |
0.48.9-bb.0 |
Fortify | Addon | 24.4.2.0009 |
1.1.2320154-bb.24 |
Gatekeeper | Core | 3.18.2 |
3.18.2-bb.5 |
Addon | 17.10.4 |
8.10.4-bb.0 🔗 |
|
Gitlab Runner | Addon | 17.10.0 |
0.75.1-bb.0 |
Core | 11.6.0 |
8.12.1-bb.0 🔗 |
|
Haproxy | Addon | 2.2.33 |
1.19.3-bb.10 |
Harbor | Addon | 2.11.0 |
1.16.2-bb.4 |
Istio Controlplane | Core | Istio 1.23.6 Tetrate Istio Distro 1.23.6 |
1.23.6-bb.0 |
Core | 1.25.2 |
1.25.2-bb.0 🔗 |
|
Core | 1.25.2 |
1.25.2-bb.1 🔗 |
|
Istio Operator | Core | Istio Operator 1.23.6 Tetrate Istio Distro Operator 1.23.6 |
1.23.6-bb.0 |
Core | 1.25.2 |
1.25.2-bb.2 🔗 |
|
Core | 1.62.0 |
2.57.0-bb.8 🔗 |
|
Keycloak | Addon | 26.1.4 |
7.0.1-bb.0 |
Kiali | Core | 2.8.0 |
2.8.0-bb.0 |
Kyverno | Core | 1.13.4 |
3.3.6-bb.1 |
Core | 3.3.4 |
3.3.4-bb.8 🔗 |
|
Kyverno Reporter | Core | 3.0.3 |
3.0.3-bb.1 |
Core | 3.4.3 |
6.29.0-bb.0 🔗 |
|
Addon | 10.6.1 |
10.6.1-bb.5 🔗 |
|
Mattermost Operator | Addon | 1.22.1 |
1.22.1-bb.2 |
Metrics Server | Addon | 0.7.2 |
3.12.2-bb.3 |
Addon | '2.16.0' |
5.7.0-bb.0 🔗 |
|
Addon | RELEASE.2025-04-03T14-56-28Z |
7.0.1-bb.0 🔗 |
|
Addon | 7.1.1 |
7.1.1-bb.0 🔗 |
|
Core | Prometheus 3.2.1 Grafana 11.6.0 Alertmanager 0.28.1 |
70.7.0-bb.0 🔗 |
|
Neuvector | Core | 5.4.1 |
2.8.3-bb.1 |
Addon | 3.79.0-09 |
79.0.0-bb.0 🔗 |
|
Promtail | Core | 3.4.3 |
6.16.6-bb.3 |
Sonarqube | Addon | 10.7.0-community |
10.7.0-bb.1 |
Tempo | Core | Tempo 2.7.2 Tempo Query 2.7.2 |
1.20.0-bb.0 |
Addon | 0.38.0 |
16.0.2-bb.0 🔗 |
|
Core | 34.00.141 |
0.20.1-bb.0 🔗 |
|
Addon | 1.19.2 |
0.30.0-bb.1 🔗 |
|
Velero | Addon | 1.15.2 |
8.7.1-bb.0 |
Wrapper | Core | 0.4.14 |
0.4.14 |
Changes in 2.52.0📜
Big Bang MRs📜
- !6046: Resolve “Update Minimum Hardware Requirements Spreadsheet to include Metrics-Server”
Argocd📜
- !6174: argocd update to 7.8.26-bb.0
# Changelog Updates
## [7.8.26-bb.0] - 2025-04-17
### Changed
- registry1.dso.mil/ironbank/big-bang/argocd v2.14.9 -> v2.14.10
- registry1.dso.mil/ironbank/bitnami/analytics/redis-exporter v1.69.0 -> v1.70.0
- registry1.dso.mil/ironbank/opensource/dexidp/dex v2.41.1 -> v2.42.0
- Update redis chart 20.11.4-bb.1 -> 20.13.0-bb.0
## [7.8.23-bb.2] - 2025-04-15
### Changed
- Updated labels for cypress tests to avoid conflict
Bbctl📜
- !6147: bbctl update to 1.0.0-bb.4
# Changelog Updates
## [1.0.0-bb.4] - 2025-04-10
### Changed
- gluon - patch - 0.5.14 -> 0.5.15
## [1.0.0-bb.3] - 2025-04-08
### Changed
- Enable the standard pipelines for packages
Eck Operator📜
- !6150: eckOperator update to 3.0.0-bb.0
# Changelog Updates
## [3.0.0-bb.0] - 2025-04-16
### Changed
- eck-operator updated from 2.16.1 to 3.0.0
Elasticsearch Kibana📜
# Changelog Updates
## [1.28.0-bb.5] - 2025-04-18
### Changed
- Added imagePullSecrets to be empty and it will use the default
## [1.28.0-bb.4] - 2025-04-14
### Changed
- gluon updated from 0.5.14 to 0.5.15
- ironbank/opensource/kubernetes/kubectl updated from v1.30.11 to v1.32.3
- prometheus-elasticsearch-exporter chart updated from 6.6.1 to 6.7.2
Gitlab📜
- !6130: gitlab update to 8.10.4-bb.0
# Changelog Updates
## [8.10.4-bb.0] - 2025-04-12
### Changed
- ironbank/gitlab/gitlab/gitlab-webservice 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/certificates 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitaly 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-base 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-container-registry 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-exporter 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-mailroom 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-pages 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-shell 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-sidekiq 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-toolbox 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-webservice 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/gitlab-workhorse 17.10.1 -> 17.10.4
- registry1.dso.mil/ironbank/gitlab/gitlab/kubectl 17.10.1 -> 17.10.4
Grafana📜
- !6163: grafana update to 8.12.1-bb.0
# Changelog Updates
## [8.12.1-bb.0] - 2025-04-18
### Changed
- gluon updated from 0.5.14 to 0.5.15
- grafana chart updated from 8.11.0 to 8.12.1
Istio Crds📜
- !6154: istioCRDs update to 1.25.2-bb.0
# Changelog Updates
## [1.25.2-bb.0] - 2025-04-17
### Added
- Updated for upstream 1.25.2
Istio Gateway📜
- !6153: istioGateway update to 1.25.2-bb.1
# Changelog Updates
## [1.25.2-bb.1] - 2025-04-22
### Changed
- Updated chart meta and added annotations
## [1.25.2-bb.0] - 2025-04-18
### Changed
- Updated for upstream 1.25.2
Istiod📜
- !6186: istiod update to 1.25.2-bb.2
- !6176: istiod update to 1.25.2-bb.1
- !6164: Adds missing Traces templating to Istiod (Operator-less) package
- !6155: istiod update to 1.25.2-bb.0
# Changelog Updates
## [1.25.2-bb.2] - 2025-04-30
### Added
- Added a `NetworkPolicy` that allows istiod access to the Kubernetes API
## [1.25.2-bb.1] - 2025-04-29
### Added
- Added option for passing in `EnvoyFilter` resources via `additionalEnvoyFilters`
### Changed
- Renamed `network-policies/additional-network-policies.yaml` to `network-policies/additional.yaml` for consistency
## [1.25.2-bb.0] - 2025-04-17
### Changed
- Updated for upstream 1.25.2
Jaeger📜
- !6115: jaeger update to 2.57.0-bb.8
# Changelog Updates
## [2.57.0-bb.8] - 2025-04-15
### Removed
- Removed kubectl image from chart.yaml and values, as its been included by gluon
### Updated
- gluon 0.5.14 -> 0.5.15
- jaegertracing/jaeger-collector 1.67.0 -> 1.68.0
- jaegertracing/jaeger-es-index-cleaner 1.67.0 -> 1.68.0
- jaegertracing/jaeger-ingester 1.67.0 -> 1.68.0
- jaegertracing/jaeger-query 1.67.0 -> 1.68.0
Kyverno Policies📜
- !6085: kyverno-policies update to 3.3.4-bb.8
# Changelog Updates
## [3.3.4-bb.8] - 2025-04-11
### Changed
- Update Gatekeeper migration doc
## [3.3.4-bb.7] - 2025-04-04
### Changed
- Fix Gatekeeper migration docs that is inaccurate
- Updated Gluon from 0.5.14 -> 0.5.15
- Updated registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.30.10 -> v1.32.3
Loki📜
- !6159: loki update to 6.29.0-bb.0
# Changelog Updates
## [6.29.0-bb.0] - 2025-04-18
### Changed
- Updated `loki` from 3.4.2 -> 3.4.3
- Updated `loki-canary` from 3.4.2 -> 3.4.3
- Updated `grafana-enterprise-logs` from v3.4.1 -> v3.4.2
- Updated `enterprise-logs-provisioner` from 3.4.1 -> 3.4.2
- Updated `k8s-sidecar` from 1.30.0 -> 1.30.3
- Updated `kubectl` from v1.30.10 -> v1.32.3
- Updated `memcached` from 1.6.37 -> 1.6.38
- Updated `nginx` from 1.27.4 -> 1.27.5
- Updated `gluon` from 0.5.14 -> 0.5.15
- Updated `rollout-operator` from 0.23.0 -> 0.24.0
Mattermost📜
- !6166: mattermost update to 10.6.1-bb.5
# Changelog Updates
## [10.6.1-bb.5] - 2025-03-28
### Changed
- Added registry1.dso.mil/ironbank/opensource/minio/operator-sidecar (source) v7.0.0 -> v7.0.1
- Updated minio-instance updated to 7.0.1-bb.0
- Updated registry1.dso.mil/ironbank/opensource/minio/minio (source) RELEASE.2025-01-20T14-49-07Z -> RELEASE.2025-04-03T14-56-28Z
Mimir📜
- !6157: mimir update to 5.7.0-bb.0
# Changelog Updates
## [5.7.0-bb.0] - 2025-04-23
### Changed
- mimir-distributed updated from 5.6.0 to 5.7.0
- registry1.dso.mil/ironbank/opensource/grafana/mimir 2.15.1 -> 2.16.0
- registry1.dso.mil/ironbank/opensource/grafana/rollout-operator v0.24.0 -> v0.26.0
- registry1.dso.mil/ironbank/opensource/nginx/nginx 1.27.4 -> 1.27.5
Minio📜
- !6142: minio update to 7.0.1-bb.0
# Changelog Updates
## [7.0.1-bb.0] - 2025-04-21
### Changed
- Updated ironbank/opensource/minio/minio (source) RELEASE.2025-01-20T14-49-07Z -> RELEASE.2025-04-03T14-56-28Z
- Updated minio-instance to 7.0.1
- Updated operator-sidecar to v7.0.1
Minio Operator📜
# Changelog Updates
## [7.1.1-bb.0] - 2025-04-22
### Changed
- registry1.dso.mil/ironbank/opensource/minio/operator v7.0.1 -> v7.1.1
## [7.0.1-bb.3] - 2025-04-10
### Changed
- Update registry1.dso.mil/ironbank/opensource/minio/operator-sidecar to v7.0.1
Monitoring📜
- !6149: monitoring update to 70.7.0-bb.0
# Changelog Updates
## [70.7.0-bb.0] - 2025-04-19
### Changed
- grafana 8.11.4 -> 8.12.1
- kube-prometheus-stack 70.4.1 -> 70.7.0
- kube-state-metrics 5.31.2 -> 5.32.0
- prometheus-windows-exporter 0.9.2 -> 0.10.0
- quay.io/prometheus-operator/prometheus-config-reloader v0.81.0 -> v0.82.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl v1.30.11 -> v1.32.3
- registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader v0.81.0 -> v0.82.0
- registry1.dso.mil/ironbank/opensource/prometheus/node-exporter v1.9.0 -> v1.9.1
- registry1.dso.mil/ironbank/opensource/thanos/thanos v0.37.2 -> v0.38.0
Nexus📜
- !6172: nexusRepositoryManager update to 79.0.0-bb.0
- !6146: nexusRepositoryManager update to 77.1.0-bb.2
# Changelog Updates
## [79.0.0-bb.0] - 2025-04-23
### Changed
- Updated Gluon 0.5.12 -> 0.5.15
- ironbank/sonatype/nexus/nexus (source) 3.77.0-01 -> 3.79.0-09
- registry1.dso.mil/ironbank/sonatype/nexus/nexus (source) 3.77.0-01 -> 3.79.0-09
## [77.1.0-bb.2] - 2025-04-21
### Changed
- Updated `curl` in tests to use `-L` to correctly handle http-to-https redirection
- Added parameters to determine if in-cluster test calls should use TLS
Thanos📜
- !6156: thanos update to 16.0.2-bb.0
# Changelog Updates
## [16.0.2-bb.0] - 2025-04-21
### Changed
- gluon updated from 0.5.14 to 0.5.15
- ironbank/opensource/thanos/thanos from v0.37.2 -> v0.38.0
- registry1.dso.mil/ironbank/opensource/kubernetes/kubectl from v1.30.10 -> v1.32.3
- registry1.dso.mil/ironbank/opensource/thanos/thanos from v0.37.2 -> v0.38.0
- thanos chart updated from 15.9.1 to 16.0.2
Twistlock📜
- !6179: twistlock update to 0.20.1-bb.0
# Changelog Updates
## [0.20.1-bb.0] - 2025-04-30
### Changed
- gluon updated from 0.5.15 to 0.5.16
- kubectl updated from v1.30.11 to v1.32.4
- registry1.dso.mil/ironbank/twistlock/console/console updated from 34.00.137 to 34.00.141 (vendor hotfix for better IngressNightmare detection)
- registry1.dso.mil/ironbank/twistlock/defender/defender updated from 34.00.137 to 34.00.141 (vendor hotfix for better IngressNightmare detection)
Vault📜
- !6151: vault update to 0.30.0-bb.1
# Changelog Updates
## [0.30.0-bb.1] - 2024-04-22
### Changed
- Updated ironbank/hashicorp/vault (source) 1.19.1 -> 1.19.2
- Updated registry1.dso.mil/ironbank/hashicorp/vault (source) 1.19.1 -> 1.19.2
Known Issues📜
- Kyverno-Reporter - ISSUE
- there is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target
Workaround Steps
- set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE
kubectl edit peerauthentication default-istio-system -n istio-system kubectl edit peerauthentication policy-reporter-default -n kyverno-reporter
- set both the default-istio-system and policy-reporter-default peerauthentication’s to PERMISSIVE
- there is currently a bug within the prometheus Kyverno Reporter (serviceMonitor/kyverno-reporter/policy-reporter-monitoring/0) target
Workaround Steps
- keycloak
- keycloak may fail the upgrade. to resolve this, reconcile the helm release and then delete the pods within the keycloak namespace.
flux reconcile hr -n bigbang keycloak --with-source --force kubectl delete pods -n keycloak
- keycloak may fail the upgrade. to resolve this, reconcile the helm release and then delete the pods within the keycloak namespace.
- bbctl
- Dashboards
- CRON job output longer than 16kb will be split into multiple log entries when using the dockerd CRI causing invalid JSON structures to be imported into Loki. Use containerd as the CRI to ensure long log lines are parsed correctly
- Dashboards
Helpful Links📜
As always, we welcome and appreciate feedback from our community of users. Please feel free to:
- Open issues here
- Join our chat
- Check out the documentation for guidance on how to get started
Future📜
Don’t see your feature and/or bug fix? Check out our epics for estimates on when you can expect things to drop, and as always, feel free to comment or create issues if you have questions, comments, or concerns.